diff --git a/library/cipher.c b/library/cipher.c
index 81e855d465..7dc09ee945 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -129,7 +129,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(
 
     for (def = mbedtls_cipher_definitions; def->info != NULL; def++) {
         if (def->info->base->cipher == cipher_id &&
-            def->info->key_bitlen == (unsigned) key_bitlen &&
+            mbedtls_cipher_info_get_key_bitlen(def->info) == (unsigned) key_bitlen &&
             def->info->mode == mode) {
             return def->info;
         }
@@ -323,7 +323,7 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN) == 0 &&
-        (int) ctx->cipher_info->key_bitlen != key_bitlen) {
+        (int) mbedtls_cipher_info_get_key_bitlen(ctx->cipher_info) != key_bitlen) {
         return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
diff --git a/library/pkcs12.c b/library/pkcs12.c
index ce2dcf27ea..a0966f6481 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -151,7 +151,7 @@ int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
         return MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE;
     }
 
-    keylen = cipher_info->key_bitlen / 8;
+    keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
 
     if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen,
                                         key, keylen,
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 94da9813e9..6cbb5208ac 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -176,7 +176,7 @@ int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
      * The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
      * since it is optional and we don't know if it was set or not
      */
-    keylen = cipher_info->key_bitlen / 8;
+    keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
 
     if (enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
         enc_scheme_params.len != cipher_info->iv_size) {
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index e8bbc78d1e..6027671d62 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -1143,10 +1143,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
     cipher_info = mbedtls_cipher_info_from_type(cipher_type);
     CHK(cipher_info != NULL);
     CHK(cipher_info->iv_size <= 16);
-    CHK(cipher_info->key_bitlen % 8 == 0);
+    CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0);
 
     /* Pick keys */
-    keylen = cipher_info->key_bitlen / 8;
+    keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
     /* Allocate `keylen + 1` bytes to ensure that we get
      * a non-NULL pointers from `mbedtls_calloc` even if
      * `keylen == 0` in the case of the NULL cipher. */
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index f8420458f2..aa2849bc85 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -586,12 +586,12 @@ void dec_empty_buf(int cipher,
     ASSERT_ALLOC(iv, iv_len);
     memset(iv, 0, iv_len);
 
-    TEST_ASSERT(sizeof(key) * 8 >= cipher_info->key_bitlen);
+    TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info));
 
     TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
 
     TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec,
-                                           key, cipher_info->key_bitlen,
+                                           key, mbedtls_cipher_info_get_key_bitlen(cipher_info),
                                            MBEDTLS_DECRYPT));
 
     TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len));